'\" t .\" Title: pwck .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 02/04/2024 .\" Manual: System Management Commands .\" Source: shadow-utils 4.13 .\" Language: English .\" .TH "PWCK" "8" "02/04/2024" "shadow\-utils 4\&.13" "System Management Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pwck \- verify the integrity of password files .SH "SYNOPSIS" .HP \w'\fBpwck\fR\ 'u \fBpwck\fR [options] [\fIPASSWORDFILE\fR\ [\ \fISHADOWFILE\fR\ ]] .SH "DESCRIPTION" .PP The \fBpwck\fR command verifies the integrity of the users and authentication information\&. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data\&. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors\&. .PP Checks are made to verify that each entry has: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the correct number of fields .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a unique and valid user name .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a valid user and group identifier .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a valid primary group .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a valid home directory .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a valid login shell .RE .PP Checks for shadowed password information are enabled when the second file parameter \fISHADOWFILE\fR is specified or when /etc/shadow exists on the system\&. .PP These checks are the following: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} every passwd entry has a matching shadow entry, and every shadow entry has a matching passwd entry .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} passwords are specified in the shadowed file .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} shadow entries have the correct number of fields .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} shadow entries are unique in shadow .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the last password changes are not in the future .RE .PP The checks for correct number of fields and unique user name are fatal\&. If the entry has the wrong number of fields, the user will be prompted to delete the entire line\&. If the user does not answer affirmatively, all further checks are bypassed\&. An entry with a duplicated user name is prompted for deletion, but the remaining checks will still be made\&. All other errors are warnings and the user is encouraged to run the \fBusermod\fR command to correct the error\&. .PP The commands which operate on the /etc/passwd file are not able to alter corrupted or duplicated entries\&. \fBpwck\fR should be used in those circumstances to remove the offending entry\&. .SH "OPTIONS" .PP The \fB\-r\fR and \fB\-s\fR options cannot be combined\&. .PP The options which apply to the \fBpwck\fR command are: .PP \fB\-\-badname\fR\ \& .RS 4 Allow names that do not conform to standards\&. .RE .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Display help message and exit\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Report errors only\&. The warnings which do not require any action from the user won\*(Aqt be displayed\&. .RE .PP \fB\-r\fR, \fB\-\-read\-only\fR .RS 4 Execute the \fBpwck\fR command in read\-only mode\&. .RE .PP \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR .RS 4 Apply changes in the \fICHROOT_DIR\fR directory and use the configuration files from the \fICHROOT_DIR\fR directory\&. Only absolute paths are supported\&. .RE .PP \fB\-s\fR, \fB\-\-sort\fR .RS 4 Sort entries in /etc/passwd and /etc/shadow by UID\&. .RE .PP By default, \fBpwck\fR operates on the files /etc/passwd and /etc/shadow\&. The user may select alternate files with the \fIpasswd\fR and \fIshadow\fR parameters\&. .SH "CONFIGURATION" .PP The following configuration variables in /etc/login\&.defs change the behavior of this tool: .PP \fBNONEXISTENT\fR (string) .RS 4 If a system account intentionally does not have a home directory that exists, this string can be provided in the /etc/passwd entry for the account to indicate this\&. The result is that pwck will not emit a spurious warning for this account\&. .RE .PP \fBPASS_MAX_DAYS\fR (number) .RS 4 The maximum number of days a password may be used\&. If the password is older than this, a password change will be forced\&. If not specified, \-1 will be assumed (which disables the restriction)\&. .RE .PP \fBPASS_MIN_DAYS\fR (number) .RS 4 The minimum number of days allowed between password changes\&. Any password changes attempted sooner than this will be rejected\&. If not specified, 0 will be assumed (which disables the restriction)\&. .RE .PP \fBPASS_WARN_AGE\fR (number) .RS 4 The number of days warning given before a password expires\&. A zero means warning is given only upon the day of expiration, a negative value means no warning is given\&. If not specified, no warning will be provided\&. .RE .SH "FILES" .PP /etc/group .RS 4 Group account information\&. .RE .PP /etc/passwd .RS 4 User account information\&. .RE .PP /etc/shadow .RS 4 Secure user account information\&. .RE .SH "EXIT VALUES" .PP The \fBpwck\fR command exits with the following values: .PP \fI0\fR .RS 4 success .RE .PP \fI1\fR .RS 4 invalid command syntax .RE .PP \fI2\fR .RS 4 one or more bad password entries .RE .PP \fI3\fR .RS 4 can\*(Aqt open password files .RE .PP \fI4\fR .RS 4 can\*(Aqt lock password files .RE .PP \fI5\fR .RS 4 can\*(Aqt update password files .RE .PP \fI6\fR .RS 4 can\*(Aqt sort password files .RE .SH "SEE ALSO" .PP \fBgroup\fR(5), \fBgrpck\fR(8), \fBpasswd\fR(5), \fBshadow\fR(5), \fBusermod\fR(8)\&.